[technique] WiP : Proposition de conf BGP

Jérôme Nicolle jerome at ceriz.fr
Sam 17 Déc 19:16:16 CET 2011


Arf, j'avais oublié des tas de trucs en fait


###
#
# BIRD IPv4 Configuration for AS197422 - Paris node (gw.tetaneutral.net)
#
###
#
# Conventions
#
# Local Prefs :
# (beware: localprefs are transmitted over iBGP and should be set
# accordingly for internal TE)
# - Customers / members from 300 to 399
# - IX from 200 to 299
# - Transits from 100 to 199
#
# Communities :
# WiP
#
###
#
# History (topmost is most recent activity)
# 20111217 - jerome at ceriz.fr - 	major rewriting, creation of doc header
#				local pref rescaling - tie break avoidance on IX's RS, should make
#				updates faster
#				commented out remotely disconfigured peers
#
###


# Router identity, and the AS number every BGP block below uses as `local as`.
router id 91.224.148.1;
define myas = 197422;

# Same ISO long timestamp format for all four timestamp classes.
timeformat base     iso long;
timeformat log      iso long;
timeformat protocol iso long;
timeformat route    iso long;

# incremented log (jni 20111217)
# All message classes go to this one file; the date is part of the file name,
# so nothing in this configuration rotates it.
log "/var/log/bird-20111217.log" all;

# Level 2 logs the commands issued by CLI clients, not only their
# connects and disconnects, which leaves a trail of operator actions.
debug commands 2;


# disabled debugging (jni 20111217)
#debug protocols all;
#debug protocols { states };
#debug protocols { routes };
#debug protocols { filters  };
#debug protocols { interfaces };
#debug protocols { events };
#debug protocols { packets };
# Protocol tracing is fully off; the commented variants above are kept as
# ready-made levels to re-enable when troubleshooting.
debug protocols off;
#debug protocols { states, events };

# Interface scanner: pins 195.250.40.154 as the primary address of eth0.124
# and re-reads the interface list every 10 seconds.
protocol device {
	primary "eth0.124" 195.250.40.154;
	scan time 10;
}

# Puts the aggregate 91.224.148.0/23 into the table with a `reject` target.
# This is exactly the prefix that filter bgp_OUT lets out to eBGP neighbours.
# NOTE(review): presumably this entry exists to originate the announcement;
# confirm nothing else is expected to provide the /23.
protocol static static_bgp {
	import all;
	route 91.224.148.0/23 reject;
}

# Internal static routes: two prefixes behind 91.224.148.3 (the iBGP
# neighbour of protocol bgp TETANEUTRAL) and 192.168.2.0/24 on eth0.
# avoid_martians() rejects 192.168.2.0/24 and the /31 on length or range,
# but it does not reject 91.224.149.0/24.
protocol static {
	route 91.224.148.4/31 via 91.224.148.3;
	route 91.224.149.0/24 via 91.224.148.3;
	route 192.168.2.0/24 via "eth0";
}

# Kernel synchronisation with no filtering in either direction: every route
# selected in the BIRD table is offered to the kernel (`export all`), and
# whatever the kernel protocol offers is accepted (`import all`).
# Route hygiene therefore rests entirely on the BGP import filters.
protocol kernel {
	export all;
	import all;
}


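# Route guard used as `import where avoid_martians()` on the eBGP sessions
# and as `export where avoid_martians()` on protocol bgp CHIWAWA.
# Returns false for a prefix that must not be accepted or sent, true otherwise.
#
# Rejected:
#  - private, link-local, loopback, shared (100.64/10), documentation and
#    benchmarking ranges, each with all their more-specifics ("+")
#  - multicast 224/4 and reserved 240/4
#  - every prefix covering 0.0.0.0, default route included ("0.0.0.0/32-")
#  - anything longer than /24 or shorter than /8
#
# NOTE(review): the local aggregate 91.224.148.0/23 and its more-specifics
# are not rejected here. Because this function is also the export test of
# protocol bgp CHIWAWA, adding them here would change what is sent there;
# own-prefix rejection belongs in a separate import-only filter.
function avoid_martians()
prefix set martians;
{

  # replaced pfx_lenght and 0/0 route by extended martian filters,
  # faster and shorter (jni 20111217)
  martians = [ 	169.254.0.0/16+,
		172.16.0.0/12+,
		192.168.0.0/16+,
		10.0.0.0/8+,
		100.64.0.0/10+,
		127.0.0.0/8+,
		192.0.2.0/24+,
		198.18.0.0/15+,
		198.51.100.0/24+,
		203.0.113.0/24+,
		224.0.0.0/4+,
		240.0.0.0/4+,
		0.0.0.0/32-,
		0.0.0.0/0{25,32},
		0.0.0.0/0{0,7} ];

  if net ~ martians then return false;

  return true;
}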



# Announce policy of every eBGP session except CHIWAWA: only the aggregate
# 91.224.148.0/23, exact length.
# NOTE(review): the test looks at the prefix only, not at where the route
# came from. The import side does not reject 91.224.148.0/23, so a copy
# learned from a neighbour would also match here if it were ever selected.
# Consider rejecting own prefixes on import, or also testing
# `source = RTS_STATIC` here.
filter bgp_OUT {
	if net ~ [ 91.224.148.0/23 ] then accept;
	reject;
}

# Accepts only 91.224.148.0/24, exact length. No protocol in this listing
# references this filter.
filter bgp_OUT_148 {
	if net ~ [ 91.224.148.0/24 ] then accept;
	reject;
}

# Accepts only 91.224.149.0/24, exact length. No protocol in this listing
# references this filter.
filter bgp_OUT_149 {
	if net ~ [ 91.224.149.0/24 ] then accept;
	reject;
}

# Strict inbound allow-list: the single prefix 91.224.148.32/29, exact length.
# Used on the CHIWAWA customer session and on the iBGP session TETANEUTRAL.
filter bgp_IN_CHIWAWA {
	if net ~ [ 91.224.148.32/29 ] then accept;
	reject;
}

###
# BGP sessions
###

# iBGP session to h3
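protocol bgp TETANEUTRAL {
	# Neighbour AS equals the local AS, so this is the iBGP session.
	local as myas;
	neighbor 91.224.148.3 as myas;
	#preference 50; # not required : eBGP prefered over iBGP (jni 20111217)
	#import where avoid_martians();
	# A named filter needs the `filter` keyword (protocol bgp CHIWAWA already
	# writes it this way). Only 91.224.148.32/29 is accepted from h3.
	import filter bgp_IN_CHIWAWA;
	# NOTE(review): `export all` offers every route of the table to h3,
	# including the local static entries; confirm that is intended.
	export all;
}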

#
# transits
#

# Transit session with AS31576: accepts every route avoid_martians() allows
# and announces only what bgp_OUT accepts.
# NOTE(review): this block sets neither a session `password` nor a
# `route limit`; confirm whether the upstream supports either.
protocol bgp GIXE {
	local as myas;
	neighbor 195.250.40.153 as 31576;
	preference 100;
	import where avoid_martians();
	export filter bgp_OUT;
}

# inactive as of 20111217
#protocol bgp LIAZO {
#	local as myas;
#	neighbor 178.20.55.178 as 50618;
#     	import where avoid_martians();
#        export filter bgp_OUT;
#	preference 110;
#}

# Transit session with AS29608, preferred over GIXE (155 against 100).
# Same policy: import what avoid_martians() allows, announce via bgp_OUT.
# NOTE(review): this block sets neither a session `password` nor a
# `route limit`; confirm whether the upstream supports either.
protocol bgp ABSOLIGHT {
	local as myas;
	neighbor 79.143.245.101 as 29608;
	preference 155;
	import where avoid_martians();
	export filter bgp_OUT;
}

###
#
# IX route servers
#
###
#
# Local Prefs settings :
#
# We prefer some IX over others due to capacity and/or price
# Primary RS are slightly preferred over secondary RS to make the BGP
# decision process faster, while keeping redundancy
#
# FR-IX : pri 201, sec 200
# France-IX : pri 250, sec 249
# Equinix-IX : pri 280, sec 279
#
###

# fr-ix : per-traffic fee (?), deprecated over other IXs
# FR-IX route servers (AS65444), identical policy on both sessions.
# NOTE(review): the section header says "FR-IX : pri 201, sec 200". With the
# values below RS2 (201) wins over RS1 (200); confirm RS2 is the intended
# primary.
# NOTE(review): `preference` is BIRD's protocol-level route preference. It is
# compared before any BGP attribute and is not the LOCAL_PREF carried over
# iBGP. BIRD's default for static routes is 200, so a value above that lets a
# route learned here outrank a local static for the same prefix, and
# avoid_martians() does not reject 91.224.148.0/23 or 91.224.149.0/24.
protocol bgp FR_IX_RS1 {
	local as myas;
	neighbor 91.216.67.1 as 65444;
	preference 200;
	import where avoid_martians();
	export filter bgp_OUT;
}

protocol bgp FR_IX_RS2 {
	local as myas;
	neighbor 91.216.67.2 as 65444;
	preference 201;
	import where avoid_martians();
	export filter bgp_OUT;
}

# disabled for Paris' gw
#protocol bgp TOUIX {
#        local as myas;
#        neighbor 91.213.236.1 as 47184;
#        import where avoid_martians();
#        export filter bgp_OUT;
#}


# france-ix : FastE port, deprecated over Equinix
# France-IX route servers (AS51706): RS1 at 250, RS2 at 249, which matches
# the "pri 250, sec 249" convention in the section header.
# The `password` lines are commented out, so both sessions run without TCP
# MD5 authentication; "mypass" reads like a placeholder, not a real secret.
# NOTE(review): both values are above BIRD's default static preference (200)
# and avoid_martians() does not reject the local 91.224.148.0/23 space;
# confirm own prefixes are filtered somewhere on import.
protocol bgp FRANCE_IX_RS1 {
	local as myas;
	neighbor 193.105.232.250 as 51706;
	preference 250;
	import where avoid_martians();
	export filter bgp_OUT;
	#password "mypass";
}

protocol bgp FRANCE_IX_RS2 {
	local as myas;
	neighbor 193.105.232.251 as 51706;
	preference 249;
	import where avoid_martians();
	export filter bgp_OUT;
	#password "mypass";
}

# equinix : GigE port, prefered over France-IX
# Session with the Equinix-IX collector (AS65517). No `preference` is set,
# so BIRD's BGP default applies.
# NOTE(review): the import side is as open as on a normal peer. If the
# collector is only meant to receive our announcement, `import none` would
# state that explicitly; confirm with the IX documentation.
protocol bgp EQUINIX_IX_COLLECTOR {
	local as myas;
	neighbor 195.42.144.250 as 65517;
	export filter bgp_OUT;
	import where avoid_martians();
}

# Equinix-IX route servers (AS24115). These are the only two sessions in the
# file that set `next hop self`.
# NOTE(review): the section header says "Equinix-IX : pri 280, sec 279". With
# the values below RS2 (280) wins over RS1 (279); confirm RS2 is the intended
# primary.
# NOTE(review): both values are above BIRD's default static preference (200)
# and avoid_martians() does not reject the local 91.224.148.0/23 space;
# confirm own prefixes are filtered somewhere on import.
protocol bgp EQUINIX_IX_RS1 {
	local as myas;
	neighbor 195.42.144.98 as 24115;
	preference 279;
	next hop self;
	import where avoid_martians();
	export filter bgp_OUT;
}

protocol bgp EQUINIX_IX_RS2 {
	local as myas;
	neighbor 195.42.144.99 as 24115;
	preference 280;
	next hop self;
	import where avoid_martians();
	export filter bgp_OUT;
}


#
# Individual peers out of RS
#
# note : LP should be set according to IX : shortest AS path will be
# preferred anyway
#

# AFNIC 1 on France IX
protocol bgp AFNIC_1 {
	# Direct session on France-IX with AS2483; AFNIC_2 below uses AS2486.
	# NOTE(review): BIRD compares `preference` before any BGP attribute, so
	# AS-path length only decides between routes of equal preference. A
	# route from AFNIC_2 (250) always beats the same prefix from here (249).
	local as myas;
	neighbor 193.105.232.20 as 2483;
	preference 249;
	import where avoid_martians();
	export filter bgp_OUT;
}
# AFNIC 2 on France IX
protocol bgp AFNIC_2 {
	local as myas;
	neighbor 193.105.232.21 as 2486;
	preference 250;
	import where avoid_martians();
	export filter bgp_OUT;
}

# AFNIC on Equinix
protocol bgp AFNIC_EQUINIX {
	# Direct session with AS2486 at the Equinix preference level (280).
	local as myas;
	neighbor 195.42.144.153 as 2486;
	preference 280;
	export filter bgp_OUT;
	import where avoid_martians();
}


# Direct session with AS50858 at the Equinix preference level (280).
# Accepts what avoid_martians() allows, announces via bgp_OUT.
protocol bgp SIS_EQUINIX {
	local as myas;
	neighbor 195.42.144.77 as 50858;
	preference 280;
	export filter bgp_OUT;
	import where avoid_martians();
}

# lowered IPv4 pref on HE to avoid their london core
protocol bgp HE_EQUINIX_IX {
	# Session with AS6939 on the Equinix LAN, deliberately set to 210
	# instead of the 280 used for the other Equinix peers.
	# The commented lines are earlier experiments kept for reference.
	#local as 65422;
	#enable as4 off;
	#passive on;
	local as myas;
	neighbor 195.42.144.104 as 6939;
	preference 210;
	import where avoid_martians();
	export filter bgp_OUT;
}

# Session with AS6939 on France-IX at 250, which is higher than the 210
# given to the same AS in HE_EQUINIX_IX.
protocol bgp HE_FRANCE_IX {
	local as myas;
	neighbor 193.105.232.10 as 6939;
	preference 250;
	export filter bgp_OUT;
	import where avoid_martians();
}


# AS34695 on both exchanges. The Equinix session (280) is preferred over the
# France-IX one (250), in line with the per-IX convention of the file.
protocol bgp E4A_EQUINIX_IX {
	local as myas;
	neighbor 195.42.144.69 as 34695;
	preference 280;
	export filter bgp_OUT;
	import where avoid_martians();
}

protocol bgp E4A_FRANCE_IX {
	local as myas;
	neighbor 193.105.232.26 as 34695;
	preference 250;
	export filter bgp_OUT;
	import where avoid_martians();
}

# inactive as of 20111217
#protocol bgp IKOULA_FRANCE_IX {
#        local as myas;
#        neighbor 193.105.232.76 as 21409;
#        preference 280;
#        import where avoid_martians();
#        export filter bgp_OUT;
#}


# Session with AS8426 at the Equinix preference level (280).
protocol bgp CLARANET_EQUINIX_IX {
	local as myas;
	neighbor 195.42.144.30 as 8426;
	preference 280;
	export filter bgp_OUT;
	import where avoid_martians();
}

##Does not support ASN32 yet
#protocol bgp CLARANET_1_FRANCE_IX {
#        local as myas;
#        neighbor 193.105.232.60 as 8426;
#        preference 300;
#        import where avoid_martians();
#        export filter bgp_OUT;
#}

# Second France-IX router of AS8426; the session to the first one is
# commented out above it.
protocol bgp CLARANET_2_FRANCE_IX {
	local as myas;
	neighbor 193.105.232.61 as 8426;
	preference 250;
	export filter bgp_OUT;
	import where avoid_martians();
}

# PCH sessions: AS42 and AS3856, each reached on both exchanges. On each IX
# the AS42 session gets the higher value (280 / 250) and the AS3856 session
# the lower one (279 / 249).
protocol bgp PCH_1_EQUINIX_IX {
	local as myas;
	neighbor 195.42.144.17 as 42;
	preference 280;
	export filter bgp_OUT;
	import where avoid_martians();
}

protocol bgp PCH_2_EQUINIX_IX {
	local as myas;
	neighbor 195.42.144.18 as 3856;
	preference 279;
	export filter bgp_OUT;
	import where avoid_martians();
}

protocol bgp PCH_1_FRANCE_IX {
	local as myas;
	neighbor 193.105.232.92 as 42;
	preference 250;
	export filter bgp_OUT;
	import where avoid_martians();
}

protocol bgp PCH_2_FRANCE_IX {
	local as myas;
	neighbor 193.105.232.91 as 3856;
	preference 249;
	export filter bgp_OUT;
	import where avoid_martians();
}

# inactive as of 20111217
#protocol bgp ASCUS_EQUINIX_IX {
#        local as myas;
#        neighbor 195.42.144.118 as 39912;
#        preference 280;
#        import where avoid_martians();
#        export filter bgp_OUT;
#}

# inactive as of 20111217
#protocol bgp ASCUS_FRANCE_IX {
#        local as myas;
#        neighbor 193.105.232.85 as 39912;
#        preference 250;
#        import where avoid_martians();
#        export filter bgp_OUT;
#}

# inactive as of 20111217
#protocol bgp AQUARAY_EQUINIX_IX {
#        local as myas;
#        neighbor 195.42.144.145 as 41653;
#        preference 280;
#        import where avoid_martians();
#        export filter bgp_OUT;
#}

# inactive as of 20111217
#protocol bgp MULTIVISP_EQUINIX_IX {
#        local as myas;
#        neighbor 195.42.144.38 as 34021;
#        preference 280;
#        import where avoid_martians();
#        export filter bgp_OUT;
#}

# Session with AS29169 at the Equinix preference level (280).
protocol bgp GANDI_EQUINIX_IX {
	local as myas;
	neighbor 195.42.144.8 as 29169;
	preference 280;
	export filter bgp_OUT;
	import where avoid_martians();
}

# inactive as of 20111217
#protocol bgp ALSATIS_EQUINIX_IX {
#        local as myas;
#        neighbor 195.42.144.70 as 48072;
#        preference 280;
#        import where avoid_martians();
#        export filter bgp_OUT;
#}

# inactive as of 20111217
#protocol bgp HEXAGLOBE_EQUINIX_IX {
#        local as myas;
#        neighbor 195.42.144.110 as 31564;
#        preference 280;
#        import where avoid_martians();
#        export filter bgp_OUT;
#}

# Session with AS13030 at the Equinix preference level (280).
protocol bgp INIT7_EQUINIX_IX {
	local as myas;
	neighbor 195.42.144.138 as 13030;
	preference 280;
	export filter bgp_OUT;
	import where avoid_martians();
}

# inactive as of 20111217
#protocol bgp PPR_FRANCE_IX {
#        local as myas;
#        neighbor 193.105.232.64 as 15422;
#        preference 250;
#        import where avoid_martians();
#        export filter bgp_OUT;
#}

# inactive as of 20111217
#protocol bgp PPR_EQUINIX_IX {
#        local as myas;
#        neighbor 195.42.144.107 as 15422;
#        preference 280;
#        import where avoid_martians();
#        export filter bgp_OUT;
#}

# Session with AS5580 at the France-IX preference level (250).
protocol bgp ATRATO_FRANCE_IX {
	local as myas;
	neighbor 193.105.232.9 as 5580;
	preference 250;
	export filter bgp_OUT;
	import where avoid_martians();
}

# inactive as of 20111217
#protocol bgp AZURIA_EQUINIX_IX {
#        local as myas;
#        neighbor 195.42.144.141 as 28877;
#        preference 280;
#        import where avoid_martians();
#        export filter bgp_OUT;
#}

# AS112 nodes on both exchanges; the Equinix one (280) is preferred over the
# France-IX one (250).
protocol bgp AS112_FRANCE_IX {
	local as myas;
	neighbor 193.105.232.37 as 112;
	preference 250;
	export filter bgp_OUT;
	import where avoid_martians();
}

protocol bgp AS112_EQUINIX_IX {
	local as myas;
	neighbor 195.42.144.146 as 112;
	preference 280;
	export filter bgp_OUT;
	import where avoid_martians();
}

#
# Customers / members
#

#backup access : lower pref than primary (399)
protocol bgp CHIWAWA {
	# Member session with AS64600, a private-use AS number.
	# Inbound is a strict allow-list: only 91.224.148.32/29, exact length.
	# Outbound sends every route that avoid_martians() lets through.
	local as myas;
	neighbor 91.224.148.19 as 64600;
	preference 350;
	import filter bgp_IN_CHIWAWA;
	export where avoid_martians();
}



-- 
Jérôme Nicolle
06 19 31 27 14


